Threat Intelligence Blog

Weekly Threat Intelligence Brief: August 9, 2016

Posted August 9, 2016

This weekly brief highlights recent threat intelligence news to provide insight into the latest threats facing various industries.

Insurance/Healthcare

“Banner Health, which owns and operates 29 hospitals in seven states, recently began notifying approximately 3.7 million patients, health plan members and beneficiaries, food and beverage customers, physicians and healthcare providers that their information may have been exposed as a result of a cyber attack.

On July 7, the company discovered that hackers may have accessed computer systems that process payment card data at food and beverage locations at some Banner Health facilities, potentially exposing the names, card numbers, expiration dates and verification codes for those who used payment cards at Banner Health food and beverage locations between June 23 and July 7, 2016.”

– eSecurity Planet

Financial Services

“It seems there’s no limit to the perils being faced by athletes at the Rio 2016 Olympics: not just their competitors, but toxic water, poor accommodations and impressive mobile bills. Add malicious pandas to the menu — virtual ones, at least. A nasty Trojan known as Zeus Panda has made its way to the Olympic host just in time for an influx of visitors.

IBM’s X-Force Research discovered that the Trojan, a variant of the Zeus variety that’s been kicking around for the last few years, had spread to Brazil in July. Zeus and its relatives — the pantheon, if you will — target transactions such as online banking logins, payment portals and bitcoin exchanges. Basically anywhere they can slip in and steal a login with the power to approve more such transactions.”

Technology

“Even though Yahoo is yet to confirm whether the batch actually contains their users’ data, chances are good that it does, as Peace has been selling huge batches of user data stolen from VK, Tumblr, iMesh and other online services, and those have been the real deal.

This batch is being sold for 3 bitcoins (a little over $1,860), and apparently contains the username, MD5-hashed password, and date of birth of some 200 million users, and backup email addresses, country and ZIP code of US users.”

Defense

“Russian military networks and other critical infrastructure have been hit by tailor-made malware, according to government officials.

Networks at some 20 organizations in Russia — including scientific and military institutions, defense contractors, and public authorities — were found to be infected with the malware, the Russian Federal Security Service (FSB) said Saturday.

The range of infected sites suggests that the targets were deliberately selected as part of a cyber-espionage operation, the FSB said.”